r/linuxadmin

How do you secure passwords in bash scripts

How do you all secure passwords in bash scripts in 2024? I was reading about "pass", but found that its discontinued with epel repository.

I would like to understand and implement the best practices. Please advise

Edit 1: Scripts are scheduled ones to run daily once or twice. Secrets are db passwords, aws keys, api keys, sftp credentials etc.

Related Answers Section

top: A classic Unix tool that provides a dynamic real-time view of a running system. "The most 'linuxy' way is probably using some version of the 'top' tool on the commandline."
htop: An enhanced version of top with a more user-friendly interface. "Htop is an advanced, interactive system monitor process viewer written for Linux."
btop: A modern, feature-rich system monitor that offers a visually appealing interface. "I really like btop"
glances: A cross-platform monitoring tool that provides a lot of information through a curses or web interface. "Have a look at btop or maybe glances"
vmstat: Reports information about processes, memory, paging, block IO, traps, and CPU activity. "vmstat"
dstat: A versatile replacement for vmstat, iostat, and ifstat, offering more features. "Dstat allows you to view all of your system resources instantly."
iftop: Displays bandwidth usage on an interface by host. "iftop display bandwidth usage on an interface by host"

Conky: A highly customizable desktop monitor that can display a wide range of system information. "Look into Conky. You can customize the look of it to whatever you like."
KDE System Monitor: A built-in tool for KDE Plasma that can monitor various system parameters. "KDE's default plasma-systemmonitor can display all you mentioned if you prefer a gui monitor."
Mangohud: An overlay for gaming that displays system performance metrics. "Mangohud supports temperatures and all other infos you'll need."

Prometheus + Grafana: A powerful combination for collecting, storing, and visualizing metrics. "Prometheus + node_exporter + Grafana"
Zabbix: A robust monitoring solution that can handle a large number of devices and metrics. "Zabbix will do what you want but the setup of the server side is quite involved."
Netdata: A real-time performance monitoring tool that provides a web interface. "Netdata: https://github.com/netdata/netdata"
Checkmk: A monitoring tool that offers a simple setup and comprehensive monitoring capabilities. "Checkmk"

Falco: An eBPF-powered runtime security tool that detects anomalous behavior via rules. "Falco is a great tool for real-time security event collection."
Wazuh: An open-source security monitoring solution that includes SIEM capabilities. "I really like Wazuh, and it's open source SIEM capabilities are decent for the cost (free)."
Auditd: For kernel-level auditing and logging system calls, file accesses, etc. "One does not read auditd logs. It's not designed for human readability."

lm-sensors: A tool to monitor hardware sensors like CPU temperature, fan speed, and voltage. "lm-sensors deserves a look."
gkrellm: A graphical system monitor that can display various system statistics. "It's old, but gkrellm is kinda cool 😎"

For more personalized advice, consider asking in these subreddits: